Aliases: Win32.Tborr.A, Win32.HLLW.Tborro
Variants: W32/Tborr.worm, W32/Tborr-A, WORM_TBORRO.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Platform: W32
Discovered: 08 Jan 2003

Characteristics: The W32.Tborro application replicates itself to the floppy disk drive and to the hard drive. When the virus run, it shows a message heading “THE TRASH”

More details about W32.Tborro

When the W32.Tborro was executed, there will be a specific message that will appear in your screen. The worm replicates itself to the Drive A to Z with the files Tborro, WINNTTborro, Documents and SettingsAdministradorEscritorioTborro, Documents and SettingsAdministradorTborro, Documents and SettingsAdministradorMis documentos, Documents and SettingsAdministradorMis documentosTborro, Tborro having .exe extension. It also adds values to the registry key so that the virus can execute when the Windows will be started. It also modifies of the homepage of the Internet Explorer by changing Value Data of the Value of Start Page found in the registry key. It also tries to delete files from the Drive C Winnt File Folder.

The W32.Tborro application is downloader Trojan program. It may connect to a remote server to request for new programs. It may also install or execute these downloaded files. Downloaded files may include surveillance tools, data mining tools and rootkit tools. It may also include other Trojan programs that is may be used to further compromise the computer. The W32.Tborro application utilizes a rootkit tool to rename the files it downloads. This allows the program and its downloaded files to continue functioning in the computer’s background. The rootkit tool may also disable system securities. System securities may include anti-malware applications and firewalls. This makes the downloader Trojan program hard to detect and remove.